Skip to main content
AMLReady

Legal

Privacy Policy

Effective date: June 20, 2026

This policy explains what personal information AMLReady collects, why we collect it, who we share it with, and the choices you have. We keep data collection to the minimum needed to run the practice test.

Overview

AMLReady (“we,” “us,” or “our”) operates an online practice test for individuals preparing for the CAMS® certification exam. We are committed to handling your personal information responsibly and collecting only what we need to provide the service.

This policy applies to information we process when you visit the site, create an account, take a practice test, or purchase a diagnostic report.

Data we collect

We collect the following categories of information:

  • Account information. Your email address, which is used to sign you in and to send service-related messages (for example, a sign-in link). If you sign in with Google, we receive your email address and basic profile identifier from Google.
  • Practice activity. The practice tests you start, the answers you select, your scores, and timestamps. This lets us show you your results and (if unlocked) your diagnostic report.
  • Payment information. If you purchase a diagnostic report, payment is processed by Stripe. Your card number and full payment details are entered on Stripe’s systems and are never stored on our servers. We receive only a confirmation that the payment succeeded and a non-sensitive reference for that transaction.
  • Basic technical data. Standard server and security logs (such as IP address and browser type) that our hosting provider records to operate the site and prevent abuse.

How we use your data

We use your information to:

  • Authenticate you and keep your account secure.
  • Deliver the practice test, store your attempts, and generate your score and diagnostic report.
  • Process your purchase and provide proof of access for support.
  • Send you service messages (such as sign-in links and purchase receipts). We do not send marketing email unless you separately opt in.
  • Maintain the security, integrity, and reliability of the service, and comply with our legal obligations.

Under the GDPR, our legal bases for processing are: performance of our contract with you (providing the test you signed up for), our legitimate interests (keeping the service secure and functional), and compliance with legal obligations (such as tax and accounting records for payments).

Cookies

We use a single essential session cookie to keep you signed in as you move between pages. This cookie is required for the service to function and cannot be switched off through the site.

We do not use advertising cookies, cross-site tracking cookies, or third-party analytics that profile you. Because we use only strictly necessary cookies, no cookie-consent banner is required under most regimes. If we add non-essential cookies in the future, we will update this policy and present a consent banner before setting them.

Third-party services

We share personal information only with the service providers we rely on to operate the site. Each acts as our processor and is bound to use the data only to provide its service:

  • Stripe — payment processing. Stripe handles your card details directly. See Stripe’s privacy policy at stripe.com/privacy.
  • Our email delivery provider — sends transactional email such as sign-in links and receipts.
  • Vercel — hosting and content delivery for the site.
  • Google — used only if you choose to sign in with Google (OAuth). We do not post anything to your Google account.

We do not sell your personal information, and we do not share it with third parties for their own advertising.

Your privacy rights

Depending on where you live, you may have some or all of the following rights over your personal information:

  • Access. Request a copy of the personal data we hold about you.
  • Deletion. Ask us to delete your account and associated data.
  • Export / portability. Receive your practice activity in a portable format.
  • Correction. Ask us to correct inaccurate information.
  • Objection / restriction. Object to or restrict certain processing.

California residents (CCPA/CPRA): you have the right to know what personal information we collect, to request its deletion, and to not be discriminated against for exercising these rights. We do not sell or “share” personal information as those terms are defined under California law.

To exercise any of these rights, email us at privacy@example.com. We may need to verify your identity before acting on a request, and we will respond within the timeframe required by applicable law.

Data retention

We keep your account and practice activity for as long as your account is active, so that your past attempts and results remain available for your own reference. You can ask us to delete your account and its data at any time by emailing privacy@example.com.

We retain limited payment and transaction records for as long as required to meet tax, accounting, and legal obligations, even after an account is deleted.

Security

We use reasonable technical and organizational measures to protect your information, including encrypted connections (HTTPS) and delegating card processing to Stripe so that we never handle raw card data. No method of transmission or storage is perfectly secure, but we work to protect your information and to limit access to it.

Children

The service is intended for adults preparing for a professional certification and is not directed to children. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us information, contact us and we will delete it.

Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date at the top of this page. Your continued use of the service after an update means you accept the revised policy.

Last updated: June 20, 2026.

Contact us

Questions about this policy or your data? Email us at privacy@example.com.